public inbox for glibc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug libc/28931] New: hosts lookup broken for SUCCESS=CONTINUE and SUCCESS=MERGE
@ 2022-03-01 2:33 siddhesh at sourceware dot org
2022-03-01 2:34 ` [Bug libc/28931] " siddhesh at sourceware dot org
` (9 more replies)
0 siblings, 10 replies; 11+ messages in thread
From: siddhesh at sourceware dot org @ 2022-03-01 2:33 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=28931
Bug ID: 28931
Summary: hosts lookup broken for SUCCESS=CONTINUE and
SUCCESS=MERGE
Product: glibc
Version: 2.35
Status: NEW
Severity: normal
Priority: P2
Component: libc
Assignee: unassigned at sourceware dot org
Reporter: siddhesh at sourceware dot org
CC: drepper.fsp at gmail dot com
Target Milestone: ---
SUCCESS=CONTINUE should discard any results so far and try the next NSS module.
The current implementation in gaih_inet however does not do that.
SUCCESS=MERGE should merge results from the previous and next module but that
is broken with gethostbyname4_r, since it tries to allocate both into the same
scratch buffer, overwriting the previous results.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 11+ messages in thread
* [Bug libc/28931] hosts lookup broken for SUCCESS=CONTINUE and SUCCESS=MERGE
2022-03-01 2:33 [Bug libc/28931] New: hosts lookup broken for SUCCESS=CONTINUE and SUCCESS=MERGE siddhesh at sourceware dot org
@ 2022-03-01 2:34 ` siddhesh at sourceware dot org
2022-03-01 2:34 ` siddhesh at sourceware dot org
` (8 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: siddhesh at sourceware dot org @ 2022-03-01 2:34 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=28931
Siddhesh Poyarekar <siddhesh at sourceware dot org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Assignee|unassigned at sourceware dot org |siddhesh at sourceware dot org
Status|NEW |ASSIGNED
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 11+ messages in thread
* [Bug libc/28931] hosts lookup broken for SUCCESS=CONTINUE and SUCCESS=MERGE
2022-03-01 2:33 [Bug libc/28931] New: hosts lookup broken for SUCCESS=CONTINUE and SUCCESS=MERGE siddhesh at sourceware dot org
2022-03-01 2:34 ` [Bug libc/28931] " siddhesh at sourceware dot org
@ 2022-03-01 2:34 ` siddhesh at sourceware dot org
2022-03-02 8:58 ` siddhesh at sourceware dot org
` (7 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: siddhesh at sourceware dot org @ 2022-03-01 2:34 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=28931
Siddhesh Poyarekar <siddhesh at sourceware dot org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Flags| |security-
--- Comment #1 from Siddhesh Poyarekar <siddhesh at sourceware dot org> ---
Bugs triggered by nsswitch.conf, which already needs root to change.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 11+ messages in thread
* [Bug libc/28931] hosts lookup broken for SUCCESS=CONTINUE and SUCCESS=MERGE
2022-03-01 2:33 [Bug libc/28931] New: hosts lookup broken for SUCCESS=CONTINUE and SUCCESS=MERGE siddhesh at sourceware dot org
2022-03-01 2:34 ` [Bug libc/28931] " siddhesh at sourceware dot org
2022-03-01 2:34 ` siddhesh at sourceware dot org
@ 2022-03-02 8:58 ` siddhesh at sourceware dot org
2022-03-22 14:13 ` cvs-commit at gcc dot gnu.org
` (6 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: siddhesh at sourceware dot org @ 2022-03-02 8:58 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=28931
--- Comment #2 from Siddhesh Poyarekar <siddhesh at sourceware dot org> ---
(In reply to Siddhesh Poyarekar from comment #0)
> SUCCESS=MERGE should merge results from the previous and next module but
> that is broken with gethostbyname4_r, since it tries to allocate both into
> the same scratch buffer, overwriting the previous results.
Re-reading the manual, it looks like we require SUCCESS=merge to return lookup
failure for all but the groups database.
====
The @samp{merge} only applies to the @samp{success} status. It is
currently implemented for the @samp{group} database and its group
members field, @samp{gr_mem}. If specified for other databases, it
causes the lookup to fail (if the @var{status} matches).
====
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 11+ messages in thread
* [Bug libc/28931] hosts lookup broken for SUCCESS=CONTINUE and SUCCESS=MERGE
2022-03-01 2:33 [Bug libc/28931] New: hosts lookup broken for SUCCESS=CONTINUE and SUCCESS=MERGE siddhesh at sourceware dot org
` (2 preceding siblings ...)
2022-03-02 8:58 ` siddhesh at sourceware dot org
@ 2022-03-22 14:13 ` cvs-commit at gcc dot gnu.org
2022-03-22 14:15 ` siddhesh at sourceware dot org
` (5 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2022-03-22 14:13 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=28931
--- Comment #3 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Siddhesh Poyarekar
<siddhesh@sourceware.org>:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=1c37b8022e8763fedbb3f79c02e05c6acfe5a215
commit 1c37b8022e8763fedbb3f79c02e05c6acfe5a215
Author: Siddhesh Poyarekar <siddhesh@sourceware.org>
Date: Thu Mar 17 11:44:34 2022 +0530
Simplify allocations and fix merge and continue actions [BZ #28931]
Allocations for address tuples is currently a bit confusing because of
the pointer chasing through PAT, making it hard to observe the sequence
in which allocations have been made. Narrow scope of the pointer
chasing through PAT so that it is only used where necessary.
This also tightens actions behaviour with the hosts database in
getaddrinfo to comply with the manual text. The "continue" action
discards previous results and the "merge" action results in an immedate
lookup failure. Consequently, chaining of allocations across modules is
no longer necessary, thus opening up cleanup opportunities.
A test has been added that checks some combinations to ensure that they
work correctly.
Resolves: BZ #28931
Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Reviewed-by: DJ Delorie <dj@redhat.com>
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 11+ messages in thread
* [Bug libc/28931] hosts lookup broken for SUCCESS=CONTINUE and SUCCESS=MERGE
2022-03-01 2:33 [Bug libc/28931] New: hosts lookup broken for SUCCESS=CONTINUE and SUCCESS=MERGE siddhesh at sourceware dot org
` (3 preceding siblings ...)
2022-03-22 14:13 ` cvs-commit at gcc dot gnu.org
@ 2022-03-22 14:15 ` siddhesh at sourceware dot org
2023-09-12 15:29 ` [Bug libc/28931] hosts lookup broken for SUCCESS=CONTINUE and SUCCESS=MERGE (CVE-2023-4813) siddhesh at sourceware dot org
` (4 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: siddhesh at sourceware dot org @ 2022-03-22 14:15 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=28931
Siddhesh Poyarekar <siddhesh at sourceware dot org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Target Milestone|--- |2.36
Status|ASSIGNED |RESOLVED
--- Comment #4 from Siddhesh Poyarekar <siddhesh at sourceware dot org> ---
Fixed.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 11+ messages in thread
* [Bug libc/28931] hosts lookup broken for SUCCESS=CONTINUE and SUCCESS=MERGE (CVE-2023-4813)
2022-03-01 2:33 [Bug libc/28931] New: hosts lookup broken for SUCCESS=CONTINUE and SUCCESS=MERGE siddhesh at sourceware dot org
` (4 preceding siblings ...)
2022-03-22 14:15 ` siddhesh at sourceware dot org
@ 2023-09-12 15:29 ` siddhesh at sourceware dot org
2023-09-12 16:49 ` fweimer at redhat dot com
` (3 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: siddhesh at sourceware dot org @ 2023-09-12 15:29 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=28931
Siddhesh Poyarekar <siddhesh at sourceware dot org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|hosts lookup broken for |hosts lookup broken for
|SUCCESS=CONTINUE and |SUCCESS=CONTINUE and
|SUCCESS=MERGE |SUCCESS=MERGE
| |(CVE-2023-4813)
Alias| |CVE-2023-4813
Flags|security- |security+
--- Comment #5 from Siddhesh Poyarekar <siddhesh at sourceware dot org> ---
Apparently this configuration (inexplicably) does seem to be getting some use,
so this now has a CVE number. It's probably a good time to note that
SUCCESS=continue and SUCCESS=merge are not supported by the hosts database.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 11+ messages in thread
* [Bug libc/28931] hosts lookup broken for SUCCESS=CONTINUE and SUCCESS=MERGE (CVE-2023-4813)
2022-03-01 2:33 [Bug libc/28931] New: hosts lookup broken for SUCCESS=CONTINUE and SUCCESS=MERGE siddhesh at sourceware dot org
` (5 preceding siblings ...)
2023-09-12 15:29 ` [Bug libc/28931] hosts lookup broken for SUCCESS=CONTINUE and SUCCESS=MERGE (CVE-2023-4813) siddhesh at sourceware dot org
@ 2023-09-12 16:49 ` fweimer at redhat dot com
2023-09-13 3:18 ` sam at gentoo dot org
` (2 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: fweimer at redhat dot com @ 2023-09-12 16:49 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=28931
Florian Weimer <fweimer at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |fweimer at redhat dot com
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 11+ messages in thread
* [Bug libc/28931] hosts lookup broken for SUCCESS=CONTINUE and SUCCESS=MERGE (CVE-2023-4813)
2022-03-01 2:33 [Bug libc/28931] New: hosts lookup broken for SUCCESS=CONTINUE and SUCCESS=MERGE siddhesh at sourceware dot org
` (6 preceding siblings ...)
2023-09-12 16:49 ` fweimer at redhat dot com
@ 2023-09-13 3:18 ` sam at gentoo dot org
2023-09-15 2:40 ` cvs-commit at gcc dot gnu.org
2023-09-15 15:32 ` cvs-commit at gcc dot gnu.org
9 siblings, 0 replies; 11+ messages in thread
From: sam at gentoo dot org @ 2023-09-13 3:18 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=28931
Sam James <sam at gentoo dot org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |sam at gentoo dot org
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 11+ messages in thread
* [Bug libc/28931] hosts lookup broken for SUCCESS=CONTINUE and SUCCESS=MERGE (CVE-2023-4813)
2022-03-01 2:33 [Bug libc/28931] New: hosts lookup broken for SUCCESS=CONTINUE and SUCCESS=MERGE siddhesh at sourceware dot org
` (7 preceding siblings ...)
2023-09-13 3:18 ` sam at gentoo dot org
@ 2023-09-15 2:40 ` cvs-commit at gcc dot gnu.org
2023-09-15 15:32 ` cvs-commit at gcc dot gnu.org
9 siblings, 0 replies; 11+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2023-09-15 2:40 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=28931
--- Comment #6 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
The release/2.35/master branch has been updated by Siddhesh Poyarekar
<siddhesh@sourceware.org>:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6e867146ee01de3ed1e94e777372093812a578e9
commit 6e867146ee01de3ed1e94e777372093812a578e9
Author: Siddhesh Poyarekar <siddhesh@sourceware.org>
Date: Thu Mar 17 11:44:34 2022 +0530
Simplify allocations and fix merge and continue actions [BZ #28931]
Allocations for address tuples is currently a bit confusing because of
the pointer chasing through PAT, making it hard to observe the sequence
in which allocations have been made. Narrow scope of the pointer
chasing through PAT so that it is only used where necessary.
This also tightens actions behaviour with the hosts database in
getaddrinfo to comply with the manual text. The "continue" action
discards previous results and the "merge" action results in an immedate
lookup failure. Consequently, chaining of allocations across modules is
no longer necessary, thus opening up cleanup opportunities.
A test has been added that checks some combinations to ensure that they
work correctly.
Resolves: BZ #28931
Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Reviewed-by: DJ Delorie <dj@redhat.com>
(cherry picked from commit 1c37b8022e8763fedbb3f79c02e05c6acfe5a215)
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 11+ messages in thread
* [Bug libc/28931] hosts lookup broken for SUCCESS=CONTINUE and SUCCESS=MERGE (CVE-2023-4813)
2022-03-01 2:33 [Bug libc/28931] New: hosts lookup broken for SUCCESS=CONTINUE and SUCCESS=MERGE siddhesh at sourceware dot org
` (8 preceding siblings ...)
2023-09-15 2:40 ` cvs-commit at gcc dot gnu.org
@ 2023-09-15 15:32 ` cvs-commit at gcc dot gnu.org
9 siblings, 0 replies; 11+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2023-09-15 15:32 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=28931
--- Comment #7 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
The release/2.34/master branch has been updated by Siddhesh Poyarekar
<siddhesh@sourceware.org>:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=228cdb00a045ae3b68a91b35c7548bab6029446e
commit 228cdb00a045ae3b68a91b35c7548bab6029446e
Author: Siddhesh Poyarekar <siddhesh@sourceware.org>
Date: Thu Mar 17 11:44:34 2022 +0530
Simplify allocations and fix merge and continue actions [BZ #28931]
Allocations for address tuples is currently a bit confusing because of
the pointer chasing through PAT, making it hard to observe the sequence
in which allocations have been made. Narrow scope of the pointer
chasing through PAT so that it is only used where necessary.
This also tightens actions behaviour with the hosts database in
getaddrinfo to comply with the manual text. The "continue" action
discards previous results and the "merge" action results in an immedate
lookup failure. Consequently, chaining of allocations across modules is
no longer necessary, thus opening up cleanup opportunities.
A test has been added that checks some combinations to ensure that they
work correctly.
Resolves: BZ #28931
Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Reviewed-by: DJ Delorie <dj@redhat.com>
(cherry picked from commit 1c37b8022e8763fedbb3f79c02e05c6acfe5a215)
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 11+ messages in thread
end of thread, other threads:[~2023-09-15 15:32 UTC | newest]
Thread overview: 11+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-03-01 2:33 [Bug libc/28931] New: hosts lookup broken for SUCCESS=CONTINUE and SUCCESS=MERGE siddhesh at sourceware dot org
2022-03-01 2:34 ` [Bug libc/28931] " siddhesh at sourceware dot org
2022-03-01 2:34 ` siddhesh at sourceware dot org
2022-03-02 8:58 ` siddhesh at sourceware dot org
2022-03-22 14:13 ` cvs-commit at gcc dot gnu.org
2022-03-22 14:15 ` siddhesh at sourceware dot org
2023-09-12 15:29 ` [Bug libc/28931] hosts lookup broken for SUCCESS=CONTINUE and SUCCESS=MERGE (CVE-2023-4813) siddhesh at sourceware dot org
2023-09-12 16:49 ` fweimer at redhat dot com
2023-09-13 3:18 ` sam at gentoo dot org
2023-09-15 2:40 ` cvs-commit at gcc dot gnu.org
2023-09-15 15:32 ` cvs-commit at gcc dot gnu.org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).